Hello,
We have implemented a SSO solution (actually impersonation) using the SDN article "How to Use Windows NT Logon for Single Sign-On in an SAP Web Application". This solution worked very well using a SNC Trusted connection to pass user information through a SAP .NET Connector application. We simply use the SAP Windows SNC DLL to form the connection and developed a custom .NET application.
Unfortuantely, our SAP instances are moving from a Windows platform to a UNIX platform, which completely breaks our trusted IIS->SAP relationship. Even worse, there are no plans to implement a SSO solution from the SAP GUI perspective. Therefore, we cannot leverage a SNC connection on the UNIX platform (like Kerberos).
Our SAP GUI users will now login in using a simple UID and password. This situation leaves my .NET application with very few options:
1) Create a login screen for the users. (They will complain about going from SSO to UID and PWD)
2) Implement a Kerberos SSO specifially for our application. (This solution might be a little costly and complex for our small .NET application)
3) Implement SAP Portal with Logon tickets (again, another costly endeavor)
4) Form a trust with SAP UNIX to pass in the EXTID attribute without using SNC. (This solution sounds improbable)
Questions:
Can anyone recommend a SSO (or impersonation) process for a .NET solution to UNIX?
Can anyone comment on the complexity and cost of setting up the SAP Portal or Kerberos?
Does anyone know how to form a trusted connection with SAP Unix without SNC?
thanks,
dave